<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="DC.Type" content="topic">
  <meta name="DC.Title" content="Adding the Public Key of an SFTP Client User to the SFTP Server">
  <meta name="DC.Format" content="XHTML">
  <meta name="DC.Identifier" content="EN-US_TOPIC_0000002164669354">
  <meta name="DC.Language" content="en-us">
  <link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
  <title>Adding the Public Key of an SFTP Client User to the SFTP Server</title>
 </head>
 <body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px">
  <a name="EN-US_TOPIC_0000002164669354"></a><a name="EN-US_TOPIC_0000002164669354"></a>
  <h1 class="topictitle1">Adding the Public Key of an SFTP Client User to the SFTP Server</h1>
  <div>
   <p>If multiple SFTP clients need to access the server as an SFTP user, you are advised to add the public keys of the SFTP client users to the server as instructed in this section. The operations for adding a public key for the first time are different from those for a non-first time. This section describes how to log in to the server as user <strong>sftpuser</strong> on the server by user <strong>root</strong> on the client.</p>
   <div class="section">
    <h4 class="sectiontitle">Procedure</h4>
    <ol>
     <li><span>Run the following command to access the <strong>sftpuser</strong> user directory:</span><p></p><pre class="screen">cd /sftpuser</pre> <p></p></li>
     <li><span>Run the following command to check whether a public key has been added to the <strong>sftpuser</strong> user directory:</span><p></p><pre class="screen">ls</pre>
      <div class="p">
       If the command output does not contain the following information, no public key is added to the <strong>sftpuser</strong> user directory. In this case, perform the operation of <a href="#EN-US_TOPIC_0000002164669354__li177571338172219">adding a public key for the first time</a>. Otherwise, perform the operation of <a href="#EN-US_TOPIC_0000002164669354__li1414218493223">adding a public key for a non-first time</a>.
       <pre class="screen">authorized_keys</pre>
      </div>
      <ul>
       <li id="EN-US_TOPIC_0000002164669354__li177571338172219"><a name="EN-US_TOPIC_0000002164669354__li177571338172219"></a><a name="li177571338172219"></a><strong>Adding a public key for the first time</strong>
        <ol type="a">
         <li>Run the following command to generate a public key:<pre class="screen">ssh-keygen -t rsa</pre></li>
         <li>In the SFTP CLI, run the following command to add the public key of user <strong>root</strong> on the client to the <strong>sftpuser</strong> user directory:<pre class="screen">put /root/.ssh/id_rsa.pub /sftpuser/authorized_keys</pre>
          <div class="note">
           <img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span>
           <div class="notebody">
            <p>After the addition, you can log in to the SFTP server as user <strong>sftpuser</strong> under user <strong>root</strong> on the client in password-free mode. Other users on the client still need to use passwords to log in to the server.</p>
           </div>
          </div></li>
        </ol></li>
       <li id="EN-US_TOPIC_0000002164669354__li1414218493223"><a name="EN-US_TOPIC_0000002164669354__li1414218493223"></a><a name="li1414218493223"></a><strong>Adding a public key for a non-first time</strong>
        <ol type="a">
         <li id="EN-US_TOPIC_0000002164669354__li1692011810253"><a name="EN-US_TOPIC_0000002164669354__li1692011810253"></a><a name="li1692011810253"></a>Run the following command to temporarily store the existing public key in the <strong>sftpuser</strong> user directory to the <span class="uicontrol"><b>/root/authorized_keys</b></span> file on the local server:<pre class="screen">get /sftpuser/authorized_keys /root/authorized_keys</pre></li>
         <li>Run the following command to exit the SFTP CLI:<pre class="screen">exit</pre></li>
         <li>Log in as a non-<strong>root</strong> user and run the following command to generate a public key. After the public key is generated, switch to user <strong>root</strong>.<pre class="screen">ssh-keygen -t rsa</pre></li>
         <li id="EN-US_TOPIC_0000002164669354__li1152402412311"><a name="EN-US_TOPIC_0000002164669354__li1152402412311"></a><a name="li1152402412311"></a>Run the following command to combine the public key of the current non-<strong>root</strong> user on the client with the existing public key in the <strong>sftpuser</strong> user directory. The combined public key is stored in the <span class="uicontrol"><b>/root/authorized_keys</b></span> file on the local server.<pre class="screen">cat /home/<em>xxx</em>/.ssh/id_rsa.pub &gt;&gt; /root/authorized_keys</pre>
          <div class="note">
           <img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span>
           <div class="notebody">
            <p><em>xxx</em> indicates the name of the non-<strong>root</strong> user.</p>
           </div>
          </div></li>
         <li>Perform <a href="#EN-US_TOPIC_0000002164669354__li1692011810253">2.a</a> to enter the SFTP CLI.</li>
         <li>Run the following command to add the combined public key in <a href="#EN-US_TOPIC_0000002164669354__li1152402412311">2.d</a>:<pre class="screen">put /root/authorized_keys /sftpuser/authorized_keys</pre></li>
        </ol></li>
      </ul> <p></p></li>
     <li><span>Run the following command to connect to the SFTP backup server as user <strong>sftpuser</strong>: Check whether public key addition is successful.</span><p></p><pre class="screen">sftp -oPort=<em>Port number</em> <em>SFTP username</em>@<em>SFTP server IP address</em></pre> <p>If the SFTP command line is displayed, the public key is added successfully.</p>
      <div class="note">
       <img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span>
       <div class="notebody">
        <p>Replace <em>Port number</em>, <em>SFTP username</em>, and <em>SFTP server IP address</em> in the command with the actual values.</p>
       </div>
      </div> <p></p></li>
    </ol>
   </div>
  </div>
 </body>
</html>